I have built a Facebook app using both the PHP and JS SDKs, but it feels as though the way I have built it is simply wrong, but I'm struggling to find any clear-cut answers (and after reading a few posts and comments on this, I'm not alone).
This is a Canvas app using CodeIgniter and SDK 5.0.0.
I have a few requirements from FB for this app:
- Log the user in, and keep them logged in for the duration of their session
- Check the logged in status, and if they log out for any reason (end of session perhaps?) the JS SDK should re-prompt for login and not allow further progess (this is fine to happen on page reload)
- Get access to
/mewithin PHP for various bits and bobs
I currently have the following JS on every page:
window.fbAsyncInit = function() {
FB.init({
appId : '#####',
xfbml : true,
cookie : true,
version : 'v2.4'
});
loaded();
FB.Canvas.startTimer();
FB.getLoginStatus(function(response) {
// Check login status on load, and if the user is
// already logged in, go directly to the welcome message.
if (response.status == 'connected') {
// Logged in already
} else {
// Otherwise, ask them to log in
window.top.location = '/login.php';
}
});
};
That works fine. Login.php has some JS that handles logging in, which also works great.
The problem arises with PHP. I have a controller which is extended on every page of the app. It seems very convoluted and over-complicated for something so simple. The PHP here is generating numerous issues, although it works initially, which makes this ridiculously difficult to debug. All of the errors returned revolve around the accesstoken - sometimes "doesn't exist', other times 'is invalid', and a host of similar errors.
I'm really struggling to move on from this so would appreciate any help to make the following simpler. It is called on every page, except the home page and the login page:
function handle_facebook()
{
$this->fb = new Facebook\Facebook([
'app_id' => $this->data['app']->fb_app_id,
'app_secret' => $this->data['app']->fb_app_secret,
'default_graph_version' => 'v2.2',
]);
$helper = $this->fb->getCanvasHelper();
$jsHelper = $this->fb->getJavaScriptHelper();
if(!empty($_SESSION['accessToken'])){
$accessToken = $_SESSION['accessToken'];
} else {
try {
$accessToken = $jsHelper->getAccessToken();
} catch(Facebook\Exceptions\FacebookResponseException $e) {
// When Graph returns an error
echo 'Graph returned an error: ' . $e->getMessage();
} catch(Facebook\Exceptions\FacebookSDKException $e) {
// When validation fails or other local issues
echo 'Facebook SDK returned an error: ' . $e->getMessage();
}
if (! isset($accessToken)) {
echo 'No OAuth data could be obtained from the signed request. User has not authorized your app yet.';
} else {
$_SESSION['accessToken'] = $accessToken;
}
}
try {
// Returns a `Facebook\FacebookResponse` object
$response = $this->fb->get('/me?fields=id,name', $accessToken);
$this->user = $response->getGraphUser();
} catch(Facebook\Exceptions\FacebookResponseException $e) {
echo 'Graph returned an error: ' . $e->getMessage();
} catch(Facebook\Exceptions\FacebookSDKException $e) {
echo 'Facebook SDK returned an error: ' . $e->getMessage();
}
return true;
}
To me, it feels as though all I really need is a standalone JS file that can be put on every page that requires a login, that checks logs the user is still logged in, and prompts for a login if they are not. Additionally, I feel like accessing the SDK from PHP should be equally as simple, by getting the accessToken from the JS Canvas helper and storing it in a session, assuming one doesn't already exist.
Where am I going wrong? I feel like I'm missing a step, or something obvious to someone more familiar with Canvas app auth.
